along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#include "includes.h"
+#include "lib/replace/replace.h"
+#include "libcli/util/ntstatus.h"
+#include "libcli/util/werror.h"
+#include "lib/util/data_blob.h"
+#include "lib/util/time.h"
+#include "libcli/resolve/resolve.h"
#include "nsswitch/libwbclient/wbclient.h"
-#include "nsswitch/libwbclient/wbc_async.h"
#include "torture/smbtorture.h"
#include "torture/winbind/proto.h"
#include "lib/util/util_net.h"
+#include "lib/util/charset/charset.h"
+#include "libcli/auth/libcli_auth.h"
+#include "lib/param/param.h"
+#include "lib/util/samba_util.h"
+#include "auth/credentials/credentials.h"
+#include "lib/cmdline/cmdline.h"
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
#define WBC_ERROR_EQUAL(x,y) (x == y)
-#define torture_assert_wbc_equal(torture_ctx, got, expected, cmt) \
+#define torture_assert_wbc_equal(torture_ctx, got, expected, cmt, cmt_arg) \
do { wbcErr __got = got, __expected = expected; \
if (!WBC_ERROR_EQUAL(__got, __expected)) { \
- torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: %s", wbcErrorString(__got), wbcErrorString(__expected), cmt); \
+ torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: " cmt, wbcErrorString(__got), wbcErrorString(__expected), cmt_arg); \
return false; \
} \
} while (0)
-#define torture_assert_wbc_ok(torture_ctx,expr,cmt) \
- torture_assert_wbc_equal(torture_ctx,expr,WBC_ERR_SUCCESS,cmt)
+#define torture_assert_wbc_ok(torture_ctx,expr,cmt,cmt_arg) \
+ torture_assert_wbc_equal(torture_ctx,expr,WBC_ERR_SUCCESS,cmt,cmt_arg)
+
+#define torture_assert_wbc_equal_goto_fail(torture_ctx, got, expected, cmt, cmt_arg) \
+ do { wbcErr __got = got, __expected = expected; \
+ if (!WBC_ERROR_EQUAL(__got, __expected)) { \
+ torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: " cmt, wbcErrorString(__got), wbcErrorString(__expected), cmt_arg); \
+ goto fail; \
+ } \
+ } while (0)
+#define torture_assert_wbc_ok_goto_fail(torture_ctx,expr,cmt,cmt_arg) \
+ torture_assert_wbc_equal_goto_fail(torture_ctx,expr,WBC_ERR_SUCCESS,cmt,cmt_arg)
-static void wbc_debug_torture(void *private_data, enum wbcDebugLevel level,
- const char *fmt, va_list ap) PRINTF_ATTRIBUTE(3,0);
-static void wbc_debug_torture(void *private_data, enum wbcDebugLevel level,
- const char *fmt, va_list ap)
-{
- struct torture_context *tctx = talloc_get_type_abort(private_data,
- struct torture_context);
- torture_comment(tctx, "%s", talloc_vasprintf(tctx, fmt, ap));
-}
+#define torture_assert_str_equal_goto_fail(torture_ctx,got,expected,cmt)\
+ do { const char *__got = (got), *__expected = (expected); \
+ if (strcmp(__got, __expected) != 0) { \
+ torture_result(torture_ctx, TORTURE_FAIL, \
+ __location__": "#got" was %s, expected %s: %s", \
+ __got, __expected, cmt); \
+ goto fail;; \
+ } \
+ } while(0)
static bool test_wbc_ping(struct torture_context *tctx)
{
torture_assert_wbc_ok(tctx, wbcPing(),
- "wbcPing failed");
+ "%s", "wbcPing failed");
return true;
}
-static bool test_wbc_ping_async(struct torture_context *tctx)
+static bool test_wbc_pingdc(struct torture_context *tctx)
{
- struct wb_context *wb_ctx;
- struct tevent_req *req;
-
- wb_ctx = wb_context_init(tctx, NULL);
-
- req = wbcPing_send(tctx, tctx->ev, wb_ctx);
- torture_assert(tctx, req, "wbcPing_send failed");
-
- if(!tevent_req_poll(req, tctx->ev)) {
- return false;
- }
- torture_assert_wbc_ok(tctx, wbcPing_recv(req), "wbcPing_recv failed");
- return true;
+ struct wbcInterfaceDetails *details = NULL;
+ wbcErr ret = false;
+
+ torture_assert_wbc_equal_goto_fail(tctx,
+ wbcPingDc("random_string", NULL),
+ WBC_ERR_DOMAIN_NOT_FOUND,
+ "%s",
+ "wbcPingDc failed");
+ torture_assert_wbc_ok_goto_fail(tctx, wbcPingDc(NULL, NULL),
+ "%s", "wbcPingDc failed");
+
+ torture_assert_wbc_ok_goto_fail(tctx, wbcInterfaceDetails(&details),
+ "%s", "wbcInterfaceDetails failed");
+ torture_assert_goto(tctx, details, ret, fail,
+ "wbcInterfaceDetails returned NULL pointer");
+ torture_assert_goto(tctx, details->netbios_domain, ret, fail,
+ "wbcInterfaceDetails returned NULL netbios_domain");
+
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcPingDc(details->netbios_domain, NULL),
+ "wbcPingDc(%s) failed",
+ details->netbios_domain);
+
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcPingDc("BUILTIN", NULL),
+ "%s",
+ "wbcPingDc(BUILTIN) failed");
+
+ ret = true;
+fail:
+ wbcFreeMemory(details);
+ return ret;
}
-
-static bool test_wbc_pingdc(struct torture_context *tctx)
+static bool test_wbc_pingdc2(struct torture_context *tctx)
{
- torture_assert_wbc_equal(tctx, wbcPingDc("random_string", NULL), WBC_ERR_NOT_IMPLEMENTED,
- "wbcPingDc failed");
- torture_assert_wbc_ok(tctx, wbcPingDc(NULL, NULL),
- "wbcPingDc failed");
+ struct wbcInterfaceDetails *details = NULL;
+ char *name = NULL;
+ wbcErr ret = false;
+
+ torture_assert_wbc_equal_goto_fail(tctx,
+ wbcPingDc2("random_string", NULL, &name),
+ WBC_ERR_DOMAIN_NOT_FOUND,
+ "%s",
+ "wbcPingDc2 failed");
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcPingDc2(NULL, NULL, &name),
+ "%s",
+ "wbcPingDc2 failed");
+ wbcFreeMemory(name);
+ name = NULL;
+
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcInterfaceDetails(&details),
+ "%s",
+ "wbcInterfaceDetails failed");
+ torture_assert_goto(tctx,
+ details,
+ ret,
+ fail,
+ "wbcInterfaceDetails returned NULL pointer");
+ torture_assert_goto(tctx,
+ details->netbios_domain,
+ ret,
+ fail,
+ "wbcInterfaceDetails returned NULL netbios_domain");
+
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcPingDc2(details->netbios_domain, NULL, &name),
+ "wbcPingDc2(%s) failed",
+ details->netbios_domain);
+ wbcFreeMemory(name);
+ name = NULL;
- return true;
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcPingDc2("BUILTIN", NULL, &name),
+ "%s",
+ "wbcPingDc2(BUILTIN) failed");
+
+ ret = true;
+fail:
+ wbcFreeMemory(name);
+ wbcFreeMemory(details);
+
+ return ret;
}
static bool test_wbc_library_details(struct torture_context *tctx)
struct wbcLibraryDetails *details;
torture_assert_wbc_ok(tctx, wbcLibraryDetails(&details),
- "wbcLibraryDetails failed");
+ "%s", "wbcLibraryDetails failed");
torture_assert(tctx, details,
"wbcLibraryDetails returned NULL pointer");
struct wbcInterfaceDetails *details;
torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
- "wbcInterfaceDetails failed");
+ "%s", "wbcInterfaceDetails failed");
torture_assert(tctx, details,
- "wbcInterfaceDetails returned NULL pointer");
+ "wbcInterfaceDetails returned NULL pointer");
wbcFreeMemory(details);
torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_UNKNOWN),
"SID_UNKNOWN", "SID_UNKNOWN failed");
torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_COMPUTER),
- "SID_COMPUTER", "SID_COMPUTER failed");
+ "SID_COMPUTER", "SID_COMPUTER failed");
+ torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_LABEL),
+ "SID_LABEL", "SID_LABEL failed");
return true;
}
char *sid_string2;
torture_assert_wbc_ok(tctx, wbcStringToSid(sid_string, &sid),
- "wbcStringToSid failed");
+ "wbcStringToSid of %s failed", sid_string);
torture_assert_wbc_ok(tctx, wbcSidToString(&sid, &sid_string2),
- "wbcSidToString failed");
+ "wbcSidToString of %s failed", sid_string);
torture_assert_str_equal(tctx, sid_string, sid_string2,
"sid strings differ");
wbcFreeMemory(sid_string2);
char *guid_string2;
torture_assert_wbc_ok(tctx, wbcStringToGuid(guid_string, &guid),
- "wbcStringToGuid failed");
+ "wbcStringToGuid of %s failed", guid_string);
torture_assert_wbc_ok(tctx, wbcGuidToString(&guid, &guid_string2),
- "wbcGuidToString failed");
+ "wbcGuidToString of %s failed", guid_string);
torture_assert_str_equal(tctx, guid_string, guid_string2,
- "guid strings differ");
+ "guid strings differ");
wbcFreeMemory(guid_string2);
return true;
static bool test_wbc_domain_info(struct torture_context *tctx)
{
- struct wbcDomainInfo *info;
- struct wbcInterfaceDetails *details;
-
- torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
- "wbcInterfaceDetails failed");
- torture_assert_wbc_ok(
- tctx, wbcDomainInfo(details->netbios_domain, &info),
- "wbcDomainInfo failed");
+ struct wbcDomainInfo *info = NULL;
+ struct wbcInterfaceDetails *details = NULL;
+ wbcErr ret = false;
+
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcInterfaceDetails(&details),
+ "%s",
+ "wbcInterfaceDetails failed");
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcDomainInfo(details->netbios_domain, &info),
+ "%s",
+ "wbcDomainInfo failed");
+
+ torture_assert_goto(tctx,
+ info,
+ ret,
+ fail,
+ "wbcDomainInfo returned NULL pointer");
+
+ ret = true;
+fail:
wbcFreeMemory(details);
-
- torture_assert(tctx, info,
- "wbcDomainInfo returned NULL pointer");
wbcFreeMemory(info);
- return true;
+ return ret;
}
static bool test_wbc_users(struct torture_context *tctx)
{
const char *domain_name = NULL;
uint32_t num_users;
- const char **users;
- int i;
- struct wbcInterfaceDetails *details;
+ const char **users = NULL;
+ uint32_t i;
+ struct wbcInterfaceDetails *details = NULL;
+ struct wbcDomainSid *sids = NULL;
+ char *domain = NULL;
+ char *name = NULL;
+ char *sid_string = NULL;
+ wbcErr ret = false;
+ char separator;
torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
- "wbcInterfaceDetails failed");
+ "%s", "wbcInterfaceDetails failed");
domain_name = talloc_strdup(tctx, details->netbios_domain);
+ torture_assert_goto(tctx,
+ domain_name != NULL,
+ ret,
+ fail,
+ "Failed to allocate domain_name");
+ separator = details->winbind_separator;
wbcFreeMemory(details);
-
- torture_assert_wbc_ok(tctx, wbcListUsers(domain_name, &num_users, &users),
- "wbcListUsers failed");
- torture_assert(tctx, !(num_users > 0 && !users),
- "wbcListUsers returned invalid results");
-
- for (i=0; i < MIN(num_users,100); i++) {
-
- struct wbcDomainSid sid, *sids;
+ details = NULL;
+
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcListUsers(domain_name, &num_users, &users),
+ "%s",
+ "wbcListUsers failed");
+ torture_assert_goto(tctx,
+ !(num_users > 0 && !users),
+ ret,
+ fail,
+ "wbcListUsers returned invalid results");
+
+ for (i = 0; i < MIN(num_users, 100); i++) {
+ struct wbcDomainSid sid;
enum wbcSidType name_type;
- char *domain;
- char *name;
uint32_t num_sids;
+ const char *user;
+ char *c;
+
+ c = strchr(users[i], separator);
+
+ if (c == NULL) {
+ /*
+ * NT4 DC
+ * user name does not contain DOMAIN SEPARATOR prefix.
+ */
+
+ user = users[i];
+ } else {
+ /*
+ * AD DC
+ * user name starts with DOMAIN SEPARATOR prefix.
+ */
+ const char *dom;
+
+ *c = '\0';
+ dom = users[i];
+ user = c + 1;
+
+ torture_assert_str_equal_goto(tctx, dom, domain_name,
+ ret, fail, "Domain part "
+ "of user name does not "
+ "match domain name.\n");
+ }
- torture_assert_wbc_ok(tctx, wbcLookupName(domain_name, users[i], &sid, &name_type),
- "wbcLookupName failed");
- torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_USER,
- "wbcLookupName expected WBC_SID_NAME_USER");
- torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type),
- "wbcLookupSid failed");
- torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_USER,
- "wbcLookupSid expected WBC_SID_NAME_USER");
- torture_assert(tctx, name,
- "wbcLookupSid returned no name");
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcLookupName(domain_name, user,
+ &sid, &name_type),
+ "wbcLookupName of %s failed",
+ users[i]);
+ torture_assert_int_equal_goto(tctx,
+ name_type, WBC_SID_NAME_USER,
+ ret,
+ fail,
+ "wbcLookupName expected WBC_SID_NAME_USER");
+ wbcSidToString(&sid, &sid_string);
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcLookupSid(&sid,
+ &domain,
+ &name,
+ &name_type),
+ "wbcLookupSid of %s failed",
+ sid_string);
+ torture_assert_int_equal_goto(tctx,
+ name_type, WBC_SID_NAME_USER,
+ ret,
+ fail,
+ "wbcLookupSid of expected WBC_SID_NAME_USER");
+ torture_assert_goto(tctx,
+ name,
+ ret,
+ fail,
+ "wbcLookupSid returned no name");
wbcFreeMemory(domain);
+ domain = NULL;
wbcFreeMemory(name);
- torture_assert_wbc_ok(tctx, wbcLookupUserSids(&sid, true, &num_sids, &sids),
- "wbcLookupUserSids failed");
- torture_assert_wbc_ok(
- tctx, wbcGetDisplayName(&sid, &domain, &name,
- &name_type),
- "wbcGetDisplayName failed");
+ name = NULL;
+
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcLookupUserSids(&sid, true, &num_sids, &sids),
+ "wbcLookupUserSids of %s failed", sid_string);
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcGetDisplayName(&sid,
+ &domain,
+ &name,
+ &name_type),
+ "wbcGetDisplayName of %s failed",
+ sid_string);
wbcFreeMemory(domain);
+ domain = NULL;
wbcFreeMemory(name);
+ name = NULL;
wbcFreeMemory(sids);
+ sids = NULL;
+ wbcFreeMemory(sid_string);
+ sid_string = NULL;
}
- wbcFreeMemory(users);
-
- return true;
-}
-
-static bool test_wbc_users_async(struct torture_context *tctx)
-{
- struct wb_context *wb_ctx;
- struct tevent_req *req;
- const char *domain_name = NULL;
- uint32_t num_users;
- const char **users;
- int i;
- struct wbcInterfaceDetails *details;
-
- wb_ctx = wb_context_init(tctx, NULL);
- wbcSetDebug(wb_ctx, wbc_debug_torture, tctx);
-
- req = wbcInterfaceDetails_send(tctx, tctx->ev, wb_ctx);
- torture_assert(tctx, req, "wbcInterfaceDetails_send failed");
-
- if(!tevent_req_poll(req, tctx->ev)) {
- return false;
- }
- torture_assert_wbc_ok(tctx,
- wbcInterfaceDetails_recv(req, tctx, &details),
- "wbcInterfaceDetails_recv failed");
- domain_name = talloc_strdup(tctx, details->netbios_domain);
+ ret = true;
+fail:
wbcFreeMemory(details);
-
- /* No async implementation of this yet. */
- torture_assert_wbc_ok(tctx, wbcListUsers(domain_name, &num_users, &users),
- "wbcListUsers failed");
- torture_assert(tctx, !(num_users > 0 && !users),
- "wbcListUsers returned invalid results");
-
- for (i=0; i < MIN(num_users,100); i++) {
-
- struct wbcDomainSid sid, *sids;
- enum wbcSidType name_type;
- char *domain;
- char *name;
- uint32_t num_sids;
-
- req = wbcLookupName_send(tctx, tctx->ev, wb_ctx, domain_name,
- users[i]);
- torture_assert(tctx, req, "wbcLookupName_send failed");
-
- if(!tevent_req_poll(req, tctx->ev)) {
- return false;
- }
-
- torture_assert_wbc_ok(tctx,
- wbcLookupName_recv(req, &sid, &name_type),
- "wbcLookupName_recv failed");
-
- torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_USER,
- "wbcLookupName expected WBC_SID_NAME_USER");
- torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type),
- "wbcLookupSid failed");
- torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_USER,
- "wbcLookupSid expected WBC_SID_NAME_USER");
- torture_assert(tctx, name,
- "wbcLookupSid returned no name");
- wbcFreeMemory(domain);
- wbcFreeMemory(name);
- torture_assert_wbc_ok(tctx, wbcLookupUserSids(&sid, true, &num_sids, &sids),
- "wbcLookupUserSids failed");
- wbcFreeMemory(sids);
- }
wbcFreeMemory(users);
+ wbcFreeMemory(domain);
+ wbcFreeMemory(name);
+ wbcFreeMemory(sids);
+ wbcFreeMemory(sid_string);
- return true;
+ return ret;
}
static bool test_wbc_groups(struct torture_context *tctx)
{
+ wbcErr ret = false;
const char *domain_name = NULL;
uint32_t num_groups;
- const char **groups;
- int i;
- struct wbcInterfaceDetails *details;
+ const char **groups = NULL;
+ uint32_t i;
+ struct wbcInterfaceDetails *details = NULL;
+ char *domain = NULL;
+ char *name = NULL;
+ char *sid_string = NULL;
+ char separator;
torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
- "wbcInterfaceDetails failed");
+ "%s", "wbcInterfaceDetails failed");
domain_name = talloc_strdup(tctx, details->netbios_domain);
+ torture_assert_goto(tctx,
+ domain_name != NULL,
+ ret,
+ fail,
+ "Failed to allocate domain_name");
+ separator = details->winbind_separator;
wbcFreeMemory(details);
-
- torture_assert_wbc_ok(tctx, wbcListGroups(domain_name, &num_groups, &groups),
- "wbcListGroups failed");
- torture_assert(tctx, !(num_groups > 0 && !groups),
- "wbcListGroups returned invalid results");
+ details = NULL;
+
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcListGroups(domain_name, &num_groups, &groups),
+ "wbcListGroups in %s failed",
+ domain_name);
+ torture_assert_goto(tctx,
+ !(num_groups > 0 && !groups),
+ ret,
+ fail,
+ "wbcListGroups returned invalid results");
for (i=0; i < MIN(num_groups,100); i++) {
-
struct wbcDomainSid sid;
enum wbcSidType name_type;
- char *domain;
- char *name;
+ const char *group;
+ char *c;
+
+ c = strchr(groups[i], separator);
+
+ if (c == NULL) {
+ /*
+ * NT4 DC
+ * group name does not contain DOMAIN SEPARATOR prefix.
+ */
+
+ group = groups[i];
+ } else {
+ /*
+ * AD DC
+ * group name starts with DOMAIN SEPARATOR prefix.
+ */
+ const char *dom;
+
+
+ *c = '\0';
+ dom = groups[i];
+ group = c + 1;
+
+ torture_assert_str_equal_goto(tctx, dom, domain_name,
+ ret, fail, "Domain part "
+ "of group name does not "
+ "match domain name.\n");
+ }
- torture_assert_wbc_ok(tctx, wbcLookupName(domain_name, groups[i], &sid, &name_type),
- "wbcLookupName failed");
- torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type),
- "wbcLookupSid failed");
- torture_assert(tctx, name,
- "wbcLookupSid returned no name");
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcLookupName(domain_name,
+ group,
+ &sid,
+ &name_type),
+ "wbcLookupName for %s failed",
+ domain_name);
+ wbcSidToString(&sid, &sid_string);
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcLookupSid(&sid,
+ &domain,
+ &name,
+ &name_type),
+ "wbcLookupSid of %s failed",
+ sid_string);
+ torture_assert_goto(tctx,
+ name,
+ ret,
+ fail,
+ "wbcLookupSid returned no name");
+
+ wbcFreeMemory(domain);
+ domain = NULL;
+ wbcFreeMemory(name);
+ name = NULL;
+ wbcFreeMemory(sid_string);
+ sid_string = NULL;
}
+
+ ret = true;
+fail:
+ wbcFreeMemory(details);
wbcFreeMemory(groups);
+ wbcFreeMemory(domain);
+ wbcFreeMemory(name);
+ wbcFreeMemory(sid_string);
- return true;
+ return ret;
}
static bool test_wbc_trusts(struct torture_context *tctx)
{
- struct wbcDomainInfo *domains;
+ struct wbcDomainInfo *domains = NULL;
+ struct wbcAuthErrorInfo *error = NULL;
size_t num_domains;
- int i;
-
- torture_assert_wbc_ok(tctx, wbcListTrusts(&domains, &num_domains),
- "wbcListTrusts failed");
- torture_assert(tctx, !(num_domains > 0 && !domains),
- "wbcListTrusts returned invalid results");
+ uint32_t i;
+ wbcErr ret = false;
+
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcListTrusts(&domains, &num_domains),
+ "%s",
+ "wbcListTrusts failed");
+ torture_assert_goto(tctx,
+ !(num_domains > 0 && !domains),
+ ret,
+ fail,
+ "wbcListTrusts returned invalid results");
for (i=0; i < MIN(num_domains,100); i++) {
- struct wbcAuthErrorInfo *error;
/*
struct wbcDomainSid sid;
enum wbcSidType name_type;
char *domain;
char *name;
*/
- torture_assert_wbc_ok(tctx, wbcCheckTrustCredentials(domains[i].short_name, &error),
- "wbcCheckTrustCredentials failed");
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcCheckTrustCredentials(domains[i].short_name,
+ &error),
+ "%s",
+ "wbcCheckTrustCredentials failed");
/*
torture_assert_wbc_ok(tctx, wbcLookupName(domains[i].short_name, NULL, &sid, &name_type),
"wbcLookupName failed");
torture_assert(tctx, name,
"wbcLookupSid returned no name");
*/
+ wbcFreeMemory(error);
+ error = NULL;
}
+
+ ret = true;
+fail:
wbcFreeMemory(domains);
+ wbcFreeMemory(error);
- return true;
+ return ret;
}
static bool test_wbc_lookupdc(struct torture_context *tctx)
struct wbcDomainControllerInfo *dc_info;
torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
- "wbcInterfaceDetails failed");
+ "%s", "wbcInterfaceDetails failed");
domain_name = talloc_strdup(tctx, details->netbios_domain);
wbcFreeMemory(details);
torture_assert_wbc_ok(tctx, wbcLookupDomainController(domain_name, 0, &dc_info),
- "wbcLookupDomainController failed");
+ "wbcLookupDomainController for %s failed", domain_name);
wbcFreeMemory(dc_info);
return true;
struct wbcDomainControllerInfoEx *dc_info;
torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
- "wbcInterfaceDetails failed");
+ "%s", "wbcInterfaceDetails failed");
domain_name = talloc_strdup(tctx, details->netbios_domain);
wbcFreeMemory(details);
torture_assert_wbc_ok(tctx, wbcLookupDomainControllerEx(domain_name, NULL, NULL, 0, &dc_info),
- "wbcLookupDomainControllerEx failed");
+ "wbcLookupDomainControllerEx for %s failed", domain_name);
wbcFreeMemory(dc_info);
return true;
name = torture_setting_string(tctx, "host", NULL);
+ torture_comment(tctx, "test-WinsByName: host='%s'\n", name);
+
ret = wbcResolveWinsByName(name, &ip);
if (is_ipaddress(name)) {
- torture_assert_wbc_equal(tctx, ret, WBC_ERR_DOMAIN_NOT_FOUND, "wbcResolveWinsByName failed");
+ torture_assert_wbc_equal(tctx, ret, WBC_ERR_DOMAIN_NOT_FOUND, "wbcResolveWinsByName of %s failed", name);
} else {
- torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByName failed");
+ torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByName for %s failed", name);
}
return true;
static bool test_wbc_resolve_winsbyip(struct torture_context *tctx)
{
const char *ip;
+ const char *host;
+ struct nbt_name nbt_name;
char *name;
wbcErr ret;
+ NTSTATUS status;
- ip = torture_setting_string(tctx, "host", NULL);
+ host = torture_setting_string(tctx, "host", NULL);
+
+ torture_comment(tctx, "test-WinsByIp: host='%s'\n", host);
+
+ make_nbt_name_server(&nbt_name, host);
+
+ status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
+ 0, 0, &nbt_name, tctx, &ip, tctx->ev);
+ torture_assert_ntstatus_ok(tctx, status,
+ talloc_asprintf(tctx,"Failed to resolve %s: %s",
+ nbt_name.name, nt_errstr(status)));
+
+ torture_comment(tctx, "test-WinsByIp: ip='%s'\n", ip);
ret = wbcResolveWinsByIP(ip, &name);
- torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByIP failed");
+ torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByIP for %s failed", ip);
wbcFreeMemory(name);
{
struct wbcDomainSid builtin;
uint32_t rids[2] = { 544, 545 };
- const char *domain_name, **names;
+ const char *domain_name = NULL;
+ const char **names = NULL;
enum wbcSidType *types;
- wbcErr ret;
+ wbcErr ret = false;
wbcStringToSid("S-1-5-32", &builtin);
ret = wbcLookupRids(&builtin, 2, rids, &domain_name, &names,
&types);
- torture_assert_wbc_ok(tctx, ret, "wbcLookupRids failed");
+ torture_assert_wbc_ok_goto_fail(
+ tctx, ret, "%s", "wbcLookupRids for 544 and 545 failed");
torture_assert_str_equal(
tctx, names[0], "Administrators",
"S-1-5-32-544 not mapped to 'Administrators'");
- torture_assert_str_equal(
+ torture_assert_str_equal_goto_fail(
tctx, names[1], "Users", "S-1-5-32-545 not mapped to 'Users'");
- wbcFreeMemory((char *)domain_name);
+ ret = true;
+fail:
+ wbcFreeMemory(discard_const_p(char ,domain_name));
wbcFreeMemory(names);
wbcFreeMemory(types);
-
- return true;
+ return ret;
}
static bool test_wbc_get_sidaliases(struct torture_context *tctx)
{
struct wbcDomainSid builtin;
- struct wbcDomainInfo *info;
- struct wbcInterfaceDetails *details;
+ struct wbcDomainInfo *info = NULL;
+ struct wbcInterfaceDetails *details = NULL;
struct wbcDomainSid sids[2];
- uint32_t *rids;
+ uint32_t *rids = NULL;
uint32_t num_rids;
- wbcErr ret;
+ wbcErr ret = false;
- torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
- "wbcInterfaceDetails failed");
- torture_assert_wbc_ok(
- tctx, wbcDomainInfo(details->netbios_domain, &info),
- "wbcDomainInfo failed");
- wbcFreeMemory(details);
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcInterfaceDetails(&details),
+ "%s",
+ "wbcInterfaceDetails failed");
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcDomainInfo(details->netbios_domain, &info),
+ "wbcDomainInfo of %s failed",
+ details->netbios_domain);
sids[0] = info->sid;
sids[0].sub_auths[sids[0].num_auths++] = 500;
sids[1] = info->sid;
sids[1].sub_auths[sids[1].num_auths++] = 512;
- wbcFreeMemory(info);
- torture_assert_wbc_ok(
- tctx, wbcStringToSid("S-1-5-32", &builtin),
- "wbcStringToSid failed");
+ torture_assert_wbc_ok_goto_fail(tctx,
+ wbcStringToSid("S-1-5-32", &builtin),
+ "wbcStringToSid of %s failed",
+ "S-1-5-32");
ret = wbcGetSidAliases(&builtin, sids, 2, &rids, &num_rids);
- torture_assert_wbc_ok(tctx, ret, "wbcGetSidAliases failed");
+ torture_assert_wbc_ok_goto_fail(tctx,
+ ret,
+ "%s",
+ "wbcGetSidAliases failed");
+ ret = true;
+fail:
+ wbcFreeMemory(details);
+ wbcFreeMemory(info);
wbcFreeMemory(rids);
-
- return true;
+ return ret;
}
static bool test_wbc_authenticate_user_int(struct torture_context *tctx,
struct wbcAuthUserInfo *info = NULL;
struct wbcAuthErrorInfo *error = NULL;
wbcErr ret;
+ struct cli_credentials *creds = samba_cmdline_get_creds();
- ret = wbcAuthenticateUser(getenv("USERNAME"), correct_password);
+ ret = wbcAuthenticateUser(cli_credentials_get_username(
+ creds), correct_password);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
- "wbcAuthenticateUser failed");
+ "wbcAuthenticateUser of %s failed",
+ cli_credentials_get_username(creds));
ZERO_STRUCT(params);
- params.account_name = getenv("USERNAME");
+ params.account_name =
+ cli_credentials_get_username(creds);
params.level = WBC_AUTH_USER_LEVEL_PLAIN;
params.password.plaintext = correct_password;
ret = wbcAuthenticateUserEx(¶ms, &info, &error);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
- "wbcAuthenticateUserEx failed");
+ "wbcAuthenticateUserEx of %s failed", params.account_name);
wbcFreeMemory(info);
info = NULL;
params.password.plaintext = "wrong";
ret = wbcAuthenticateUserEx(¶ms, &info, &error);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
- "wbcAuthenticateUserEx succeeded where it "
- "should have failed");
+ "wbcAuthenticateUserEx for %s succeeded where it "
+ "should have failed", params.account_name);
wbcFreeMemory(info);
info = NULL;
static bool test_wbc_authenticate_user(struct torture_context *tctx)
{
- return test_wbc_authenticate_user_int(tctx, getenv("PASSWORD"));
+ struct cli_credentials *creds = samba_cmdline_get_creds();
+
+ return test_wbc_authenticate_user_int(tctx,
+ cli_credentials_get_password(creds));
+}
+
+static bool test_wbc_change_password(struct torture_context *tctx)
+{
+ wbcErr ret;
+ struct cli_credentials *creds = samba_cmdline_get_creds();
+ const char *oldpass =
+ cli_credentials_get_password(creds);
+ const char *newpass = "Koo8irei%$";
+
+ struct samr_CryptPassword new_nt_password;
+ struct samr_CryptPassword new_lm_password;
+ struct samr_Password old_nt_hash_enc;
+ struct samr_Password old_lanman_hash_enc;
+
+ gnutls_cipher_hd_t cipher_hnd = NULL;
+
+ uint8_t old_nt_hash[16];
+ uint8_t old_lanman_hash[16];
+ uint8_t new_nt_hash[16];
+ uint8_t new_lanman_hash[16];
+ gnutls_datum_t old_nt_key = {
+ .data = old_nt_hash,
+ .size = sizeof(old_nt_hash),
+ };
+
+ struct wbcChangePasswordParams params;
+
+ if (oldpass == NULL) {
+ torture_skip(tctx,
+ "skipping wbcChangeUserPassword test as old password cannot be retrieved\n");
+ }
+
+ ZERO_STRUCT(params);
+
+ E_md4hash(oldpass, old_nt_hash);
+ E_md4hash(newpass, new_nt_hash);
+
+ if (lpcfg_client_lanman_auth(tctx->lp_ctx) &&
+ E_deshash(newpass, new_lanman_hash) &&
+ E_deshash(oldpass, old_lanman_hash)) {
+
+ /* E_deshash returns false for 'long' passwords (> 14
+ DOS chars). This allows us to match Win2k, which
+ does not store a LM hash for these passwords (which
+ would reduce the effective password length to 14) */
+
+ encode_pw_buffer(new_lm_password.data, newpass, STR_UNICODE);
+
+ gnutls_cipher_init(&cipher_hnd,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ &old_nt_key,
+ NULL);
+ gnutls_cipher_encrypt(cipher_hnd,
+ new_lm_password.data,
+ 516);
+ gnutls_cipher_deinit(cipher_hnd);
+
+ E_old_pw_hash(new_nt_hash, old_lanman_hash,
+ old_lanman_hash_enc.hash);
+
+ params.old_password.response.old_lm_hash_enc_length =
+ sizeof(old_lanman_hash_enc.hash);
+ params.old_password.response.old_lm_hash_enc_data =
+ old_lanman_hash_enc.hash;
+ params.new_password.response.lm_length =
+ sizeof(new_lm_password.data);
+ params.new_password.response.lm_data =
+ new_lm_password.data;
+ } else {
+ ZERO_STRUCT(new_lm_password);
+ ZERO_STRUCT(old_lanman_hash_enc);
+ }
+
+ encode_pw_buffer(new_nt_password.data, newpass, STR_UNICODE);
+
+ gnutls_cipher_init(&cipher_hnd,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ &old_nt_key,
+ NULL);
+ gnutls_cipher_encrypt(cipher_hnd,
+ new_nt_password.data,
+ 516);
+ gnutls_cipher_deinit(cipher_hnd);
+
+ E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
+
+ params.old_password.response.old_nt_hash_enc_length =
+ sizeof(old_nt_hash_enc.hash);
+ params.old_password.response.old_nt_hash_enc_data =
+ old_nt_hash_enc.hash;
+ params.new_password.response.nt_length = sizeof(new_nt_password.data);
+ params.new_password.response.nt_data = new_nt_password.data;
+
+ params.level = WBC_CHANGE_PASSWORD_LEVEL_RESPONSE;
+ params.account_name =
+ cli_credentials_get_username(creds);
+ params.domain_name =
+ cli_credentials_get_domain(creds);
+
+ ret = wbcChangeUserPasswordEx(¶ms, NULL, NULL, NULL);
+ torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
+ "wbcChangeUserPassword for %s failed", params.account_name);
+
+ if (!test_wbc_authenticate_user_int(tctx, newpass)) {
+ return false;
+ }
+
+ ret = wbcChangeUserPassword(
+ cli_credentials_get_username(creds),
+ newpass,
+ cli_credentials_get_password(creds));
+ torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
+ "wbcChangeUserPassword for %s failed", params.account_name);
+
+ return test_wbc_authenticate_user_int(tctx,
+ cli_credentials_get_password(creds));
}
static bool test_wbc_logon_user(struct torture_context *tctx)
enum wbcSidType sidtype;
char *sidstr;
wbcErr ret;
+ struct cli_credentials *creds = samba_cmdline_get_creds();
ZERO_STRUCT(params);
ret = wbcLogonUser(¶ms, &info, &error, &policy);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_INVALID_PARAM,
- "wbcLogonUser succeeded where it should "
+ "%s", "wbcLogonUser succeeded for NULL where it should "
"have failed");
- params.username = getenv("USERNAME");
- params.password = getenv("PASSWORD");
+ params.username =
+ cli_credentials_get_username(creds);
+ params.password =
+ cli_credentials_get_password(creds);
ret = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs,
"foo", 0, discard_const_p(uint8_t, "bar"), 4);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
- "wbcAddNamedBlob failed");
+ "%s", "wbcAddNamedBlob failed");
ret = wbcLogonUser(¶ms, &info, &error, &policy);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
- "wbcLogonUser failed");
+ "wbcLogonUser for %s failed", params.username);
wbcFreeMemory(info); info = NULL;
wbcFreeMemory(error); error = NULL;
wbcFreeMemory(policy); policy = NULL;
ret = wbcLogonUser(¶ms, &info, &error, &policy);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
- "wbcLogonUser should have failed with "
- "WBC_ERR_AUTH_ERROR");
+ "wbcLogonUser for %s should have failed with "
+ "WBC_ERR_AUTH_ERROR", params.username);
wbcFreeMemory(info); info = NULL;
wbcFreeMemory(error); error = NULL;
wbcFreeMemory(policy); policy = NULL;
discard_const_p(uint8_t, "S-1-2-3-4"),
strlen("S-1-2-3-4")+1);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
- "wbcAddNamedBlob failed");
- params.password = getenv("PASSWORD");
+ "%s", "wbcAddNamedBlob failed");
+ params.password =
+ cli_credentials_get_password(creds);
ret = wbcLogonUser(¶ms, &info, &error, &policy);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
- "wbcLogonUser should have failed with "
- "WBC_ERR_AUTH_ERROR");
+ "wbcLogonUser for %s should have failed with "
+ "WBC_ERR_AUTH_ERROR", params.username);
wbcFreeMemory(info); info = NULL;
wbcFreeMemory(error); error = NULL;
wbcFreeMemory(policy); policy = NULL;
ret = wbcInterfaceDetails(&iface);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
- "wbcInterfaceDetails failed");
+ "%s", "wbcInterfaceDetails failed");
- ret = wbcLookupName(iface->netbios_domain, getenv("USERNAME"), &sid,
- &sidtype);
+ ret = wbcLookupName(iface->netbios_domain,
+ cli_credentials_get_username(creds),
+ &sid,
+ &sidtype);
wbcFreeMemory(iface);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
- "wbcLookupName failed");
+ "wbcLookupName for %s failed",
+ cli_credentials_get_username(creds));
ret = wbcSidToString(&sid, &sidstr);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
- "wbcSidToString failed");
+ "%s", "wbcSidToString failed");
ret = wbcAddNamedBlob(¶ms.num_blobs, ¶ms.blobs,
"membership_of", 0,
(uint8_t *)sidstr, strlen(sidstr)+1);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
- "wbcAddNamedBlob failed");
+ "%s", "wbcAddNamedBlob failed");
wbcFreeMemory(sidstr);
- params.password = getenv("PASSWORD");
+ params.password =
+ cli_credentials_get_password(creds);
ret = wbcLogonUser(¶ms, &info, &error, &policy);
torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
- "wbcLogonUser failed");
+ "wbcLogonUser for %s failed", params.username);
wbcFreeMemory(info); info = NULL;
wbcFreeMemory(error); error = NULL;
wbcFreeMemory(policy); policy = NULL;
return true;
}
-struct torture_suite *torture_wbclient(void)
+static bool test_wbc_getgroups(struct torture_context *tctx)
+{
+ wbcErr ret;
+ uint32_t num_groups;
+ gid_t *groups;
+ struct cli_credentials *creds = samba_cmdline_get_creds();
+
+ ret = wbcGetGroups(
+ cli_credentials_get_username(creds),
+ &num_groups,
+ &groups);
+ torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
+ "wbcGetGroups for %s failed",
+ cli_credentials_get_username(creds));
+ wbcFreeMemory(groups);
+ return true;
+}
+
+struct torture_suite *torture_wbclient(TALLOC_CTX *ctx)
{
- struct torture_suite *suite = torture_suite_create(talloc_autofree_context(), "WBCLIENT");
+ struct torture_suite *suite = torture_suite_create(ctx, "wbclient");
torture_suite_add_simple_test(suite, "wbcPing", test_wbc_ping);
- torture_suite_add_simple_test(suite, "wbcPing_async", test_wbc_ping_async);
torture_suite_add_simple_test(suite, "wbcPingDc", test_wbc_pingdc);
+ torture_suite_add_simple_test(suite, "wbcPingDc2", test_wbc_pingdc2);
torture_suite_add_simple_test(suite, "wbcLibraryDetails", test_wbc_library_details);
torture_suite_add_simple_test(suite, "wbcInterfaceDetails", test_wbc_interface_details);
torture_suite_add_simple_test(suite, "wbcSidTypeString", test_wbc_sidtypestring);
torture_suite_add_simple_test(suite, "wbcGuidToString", test_wbc_guidtostring);
torture_suite_add_simple_test(suite, "wbcDomainInfo", test_wbc_domain_info);
torture_suite_add_simple_test(suite, "wbcListUsers", test_wbc_users);
- torture_suite_add_simple_test(suite, "wbcListUsers_async", test_wbc_users_async);
torture_suite_add_simple_test(suite, "wbcListGroups", test_wbc_groups);
torture_suite_add_simple_test(suite, "wbcListTrusts", test_wbc_trusts);
torture_suite_add_simple_test(suite, "wbcLookupDomainController", test_wbc_lookupdc);
test_wbc_authenticate_user);
torture_suite_add_simple_test(suite, "wbcLogonUser",
test_wbc_logon_user);
+ torture_suite_add_simple_test(suite, "wbcChangeUserPassword",
+ test_wbc_change_password);
+ torture_suite_add_simple_test(suite, "wbcGetGroups",
+ test_wbc_getgroups);
return suite;
}